Image processor and recording medium

ABSTRACT

An authentic scanner driver  11  provided with a function of preventing unauthorized use is installed in a personal computer  10.  Data is sent and received with a color scanner  20  via the driver. The color scanner  20  is provided with a driver recognition portion  22  for making a decision as to whether the connection target is an authentic driver. Only where the driver is judged to be an authentic driver, normal image processing (acceptance and transfer of data) is performed. Where the driver is not an authentic driver, the normal image processing is stopped. Thus, the unauthorized use preventing function incorporated in the driver is operated with certainty. Monitoring is done to detect whether fraudulent processing such as forgery is performed. Consequently, unauthorized use can be prevented.

TECHNICAL FIELD

This invention relates to an image processor and recording medium forpreventing unauthorized use.

BACKGROUND ART

With respect to conventional image recognition systems coping withforgery of paper currencies and securities, various types have beenproposed and put into practical use for apparatus in which from imageinputting to image creation are implemented within a closed system suchas color copiers. Furthermore, as image readers such as image scanners,personal computers, and image creation apparatus such as printersimprove in performance and decrease in price in recent years, forgery inan open system has constituted a social problem. Countermeasures againstit have been variously studied.

In any case, the fundamental image recognition processing consists ofsteps of processing obtained image data (input data) by an image dataprocessing portion (feature extraction portion), comparing image dataoutput by the image data processing portion and certain patternspreviously stored in a nonvolatile memory or the like, and outputtingthe results of recognition to a control portion.

To carry out this recognition processing, it is possible to adopt eithera method of installing dedicated hardware or a method of installingsoftware. With decrease of prices of apparatus such as scanners andprinters, it is also necessary to reduce the cost of the system forperforming recognition processing. Preferably, this is achieved insoftware. Furthermore, as processing capabilities of CPUs have improvedin recent years, practically acceptable processing speeds have beenobtained even with recognition processing by software.

Where mounting software is considered, a method of mounting into apersonal computer and a method of mounting into an external deviceconnected with a personal computer such as a scanner or printer areconceivable. Usually, personal computers are higher in processingcapability than external devices. Furthermore, personal computers havelarger storage capacities. Therefore, it is realistic to mount on thepersonal computer side.

Specifically, forgery prevention software including recognitiondictionary and engine is incorporated in a driver for an external devicethat should be prevented against forgery. Then, where various externaldevices are used, data is sent and received always via the driver.Therefore, recognition processing owing to the forgery preventionsoftware is reliably performed. Thus, forgery prevention can beaccomplished.

While software can be easily loaded into personal computers, anenvironment thereof can be easily altered. Therefore, a driver for suchan external device can be developed, and image data can be input andoutput between the external device and the personal computer using thedeveloped driver. Then, no forgery prevention software is incorporatedin the developed driver. This enables unauthorized use.

It is an object of this invention to provide a device such as a colorprinter, color scanner, and computer used in an open system with animage processor and recording medium capable of reliably preventingunauthorized use.

DISCLOSURE OF THE INVENTION

An image processor according to this invention is an image processorconnected with a computer in an image processing system. This processoris provided with decision means for making a decision as to whether theconnection target connected with the image processor is an authenticconnection target having a function of preventing duplication ofcopy-inhibited matter. The processor is so configured that normal imageprocessing is performed only when the connection target is judged to bethe authentic connection target.

Under the same preconditions, the processor can be also so constructedthat it has decision means for making a decision as to whether theconnection target connected with the image processor is an authenticconnection target having a function of preventing duplication ofcopy-inhibited matter, and control means that performs normal imageprocessing where the decision means has recognized that the connectiontarget is an authentic connection target. Where the decision means hasrecognized that the connection target is not an authentic connectiontarget, the control means stops the normal image processing.

The connection target can be a driver program, for example, for theimage processor, the program being used to send and receive data betweenthe image processor and the computer. The image processor constructs animage processing system by being connected with the computer. Forexample, the processor includes a scanner and printer. Furthermore, thedecision means and control means are realized by one driver recognitionportion 22 in a mode of practice. The function of preventing duplicationof copy-inhibited matter makes a decision as to whether image data onthe processed subject is copy-inhibited matter that is inhibited frombeing duplicated, read out, or printed out such as paper currency,securities, or confidential document. If it is copy-inhibited matter,various kinds of processing are performed to inhibit normal output. Thismay be referred to as the “function of preventing unauthorized use”herein. This function itself of preventing unauthorized use may actuallyprevent normal output but this is not always required to be performed.Various kinds of notifications for preventing normal output may beissued.

“To stop normal image processing” contains, of course, a case where theprocessing itself is not done. Various methods can be also adopted. Forinstance, the resolution or quality may be impaired, a color orcharacters may be superimposed on parts, or a mark is attached on thematter indicating that it is copy-inhibited matter and the matter isdelivered.

“Normal output is inhibited” contains, of course, a case where outputitself is not done as literalized. Various methods can be also adopted.For instance, the resolution or quality may be impaired, a color orcharacters may be superimposed on parts, or a mark is attached on thematter indicating that it is copy-inhibited matter and the matter isdelivered, as same as the case of “To stop normal image processing”described above.

In cases where “normal output is inhibited”, the control means realizesthis by operating to cut off the connection with the connection targetwhere the decision means judges that the connection target is not anauthentic one. Here, to cut off the connection, of course, includescancellation of the connection. A case where the original state isresumed and the connection processing is executed from the beginning isalso included. In any case, an initializing operation is performed. Ittakes some time until mutual data transmission is made possible. This isdesirable.

According to this invention, where an authorized connection targethaving a function of preventing unauthorized use is present in acomputer, the image processor side checks that the authorized connectiontarget is present and then performs normal image processing. That is,where the image processor is a scanner, processing is performed to takein image data and to transfer it to the computer. Furthermore, where theimage processor is a printer, the gained image data is printed out. Inany case, the computer is equipped with the function of preventingunauthorized use. Therefore, where image data to be processed iscopy-inhibited matter, normal processing is stopped by the function ofpreventing unauthorized use.

Where an image processing system is constructed using a connectiontarget having no function of preventing unauthorized use and given imageprocessing is attempted, when the decision means judges that theconnection target is not an authentic connection target, then thecontrol means stops the normal image processing. Again, fraudulent orunauthorized use can be prevented in advance.

The decision as to whether the connection target is an authenticconnection target can be made based on data sent from the connectiontarget side. That is, where a title is attached to the connectiontarget, for example, the title is sent. The decision means holdsinformation (title in this case) previously sent in from the authenticconnection target. The decision means can judge whether it is authenticor not, depending on whether the former agrees with the latter or not.Furthermore, data to which security information for identifying theconnection target is attached is sent from the connection target toenhance the security further, rather than simply sending the title. Thedecision means can judge whether the security information is authenticor not. The security information is information for demonstrating theissuing source (connection target) such as an electronic signature andelectronic watermark.

Furthermore, at least a part of data sent and received with theconnection target may be encrypted. The “at least a part of the data”can be either “some of a plurality of data items” or “a part of datasent or received in one operation” where there are plural data items tobe sent or received. Of course, all the data may be encrypted. Withrespect to the “data sent and received”, either one of the connectiontarget and image processor may be a sending source; it suffices toencrypt only one-side communication. That is, only data sent from theconnection target may be encrypted or only data sent from the imageprocessor may be encrypted. Of course, there is no hindrance inencrypting both.

In the case of an authentic combination, the sent data can be decryptedby attaching information for decryption to the image processor and tothe connection target. Based on it, given processing can be performed.In cases where the combination is not authentic, data itself that shouldbe encrypted is sent unencrypted or encrypted differently. As a result,the data cannot be decrypted with the held information, or there is noinformation to be decrypted and undecrypted data gives rise to unusableresult. In any case, normal image processing cannot be performed and sounauthorized use can be prevented.

Where the data cannot be decrypted normally or sent in without beingencrypted to begin with in this way, it can be judged that theconnection target is not an authentic one. That is, the decision meansof the present invention includes both a case where an active decisionis made as to whether the subject is authentic, based on informationabout the title of the connection target or security information and acase where a passive decision is made utilizing the above-describedencryption technique and recognizes that only an authentic one operatesnormally. In the latter case, the decision means includes execution ofdecryption processing and execution of encryption processing.

The decision means may be preferably so constructed that it encrypts atleast a part of data sent to the connection target and judges whetherthe connection target is authentic or not, depending on whether theconnection target can be decrypted normally, or that the connectiontarget receives at least partly encrypted data and judges whether theconnection target is authentic or not, depending on whether the receiveddata can be decrypted normally.

Based on the inventions described above, image recognition means forrecognizing that a copy-inhibited image is contained in the input imagedata is provided. Where the decision means judges that the connectiontarget is an authentic connection target, one of the function of theimage recognition means and the function of preventing duplication of acopy-inhibited object may be stopped. The latter function is provided onthe normal connection target.

As such, in the case where the function (unauthorized use preventingfunction) of preventing duplication of copy-inhibited matter is deletedon the side of the connection target, unauthorized use can be preventedby the image recognition apparatus. In the case of a normal connectiontarget, unauthorized use preventing functions exist both on the computerside and on the image processor side. If processing is performed on bothsides, it takes time. This deteriorates the intrinsic performance of theimage processing system. Accordingly, only one of them is operated.

On the other hand, a recording medium according to the invention iscombined with the above-described image processor to effectively realizethe function (unauthorized use preventing function) of preventingduplication of copy-inhibited matter. The recording medium is arecording medium loaded with a driver program installed in a computerfor controlling the image processor within the image processing systemmade up of the computer and the image processor connected with it. Inthe recording medium, the driver program has an unauthorized usepreventing program for preventing duplication of copy-inhibited matterand a program for performing processing for notifying the imageprocessor (i.e., communication partner) that it is provided with theunauthorized use preventing program.

The notifying processing may consist only of sending driver informationsuch as the driver's title. The processing may perform processing forcreating data to which security information is attached and outputtingit. Furthermore, the processing may include processing for encryptingsome or all of the notified data. Thus, the security can be enhancedfurther. In addition, a program for executing processing for decryptingencrypted image data sent in from the image processor may be provided.

The constituent elements of the invention described thus far can becombined as many as possible. The various means constituting the imageprocessor according to this invention may be realized by a dedicatedhardware circuit. Also, they may be realized by programmed software.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a view showing one example of a system to which the presentinvention is applied;

FIG. 2 is a diagram showing a first mode of practice of the invention;

FIG. 3 is a diagram illustrating its processing procedure;

FIG. 4 is a diagram showing a second mode of practice of the invention;

FIG. 5 is a diagram showing a third mode of practice of the invention;

FIG. 6 is a diagram showing a fourth mode of practice of the invention;

FIG. 7 is a diagram illustrating an example of modification;

FIG. 8 is a diagram showing a fifth mode of practice of the invention;

FIG. 9 is a diagram showing an example of modification;

FIG. 10 is a diagram showing a sixth mode of practice of the invention;and

FIG. 11 is a diagram illustrating its processing procedure.

BEST MODE FOR CARRYING OUT THE INVENTION

In describing the present invention in further detail, it will bedescribed according to the accompanying drawings.

FIG. 1 shows one example of an open system to which the presentinvention is applied and which is used to output an image. As shown inthis figure, a color scanner 20 and a color printer 30 are connectedwith a personal computer 10. Image data read in by the color scanner 20is sent to the personal computer 10, where given image processing isperformed. Then, the data is printed out from the color printer 30. Ofcourse, the image data processed by the personal computer 10 is notlimited to that sent from the color scanner 20 as mentioned above. Thedata may also be supplied via a recording medium such as MO and FD.

In the description of the illustrated example, the personal computer 10,color scanner 20, and color printer 30 are connected directly by generalinterfaces. The invention is not limited to this but rather embraces onewhere they are networked. That is, the installation locations may beremote.

A scanner driver 11 is installed on the personal computer 10 side. Thisscanner driver 11 includes a normal driver program. In addition, it hasa program incorporating a function (unauthorized use preventingfunction) of preventing duplication of copy-inhibited matter. That is, arecognition dictionary for detecting copy-inhibited matter such as papercurrencies and securities, and an image recognition engine areincorporated. In the following description, an example in which anunauthorized use preventing function is incorporated in the scannerdriver for the color scanner 20 is described. Such an unauthorized usepreventing function may be added to the printer driver for the colorprinter 30, and given processing may be executed with the color printer30. Normal image creation/output processing may be performed only inresponse to the output from the authentic driver.

The scanner driver 11 having the unauthorized use preventing functionhas a function intrinsic to the driver, i.e., image data sent from thecolor scanner 20 is accepted into the body of the personal computer 10.In addition, the scanner driver performs image recognition processing onthe gained image data and makes a decision as to whether it iscopy-inhibited matter. Where it recognizes that it is copy-inhibitedmatter, normal image processing is inhibited. Various kinds ofprocedures can be adopted as this processing for inhibiting the normalimage processing. For example, the gained image data is abandoned. Theimage is partially or totally impaired in resolution or quality.Information indicating that it is copy-inhibited matter is attached andstored.

In the present mode of practice, as shown in FIG. 2, the color scanner20 that is an external device has an image processing body portion 21for realizing a function of reading an image, the function beingintrinsic to the scanner. In addition, a driver recognition portion 22is provided in the scanner. That is, the image processing body portion21 reads in a document placed on a document table and accepts imagedata. After performing image processing such as exposure correctionabout the accepted image data, the image data is transferred to thepersonal computer 10. This processing function is the same as in theprior art.

The driver recognition portion 22 that is a main portion of theinvention is installed in the personal computer 10 and makes a decisionas to whether the driver communicating with the color scanner 20 is anauthentic driver. In the case of an authentic driver, a normal operationis performed. That is, the gained image data is sent to the personalcomputer 10 side. On the other hand, where it is not a normal driver, afunction-limiting operation is performed. This function limitation canperform inhibiting processing in the same way as when it is recognizedas copy-inhibited matter. For example, the image data is not sent intactbut processed and then sent to the personal computer. Furthermore, datacommunication itself may also be stopped.

In particular, the color scanner 20 side and personal computer 10 sidehave a function for realizing the flowchart shown in FIG. 3. That is,prior to the operation of the image processing body portion 21 of thecolor scanner 20, the driver recognition portion 22 inquires of thepersonal computer 10 about the driver check (ST1). That is, the bodyportion requires the personal computer 10 to send back driverinformation (e.g., driver title) for the color scanner 20 installed inthe personal computer 10.

The personal computer 10 receiving it performs a driver check response(ST2). That is, the driver title of the used scanner driver is sent asdriver information back to the color scanner 20 side.

The driver recognition portion 22 gains the driver information sent backand makes a decision as to whether it is an authentic driver equippedwith a function of preventing unauthorized use (ST3). That is, it judgeswhether the driver title sent in is coincident with the stored drivertitle. If they agree, the recognition portion judges that it is anauthentic driver and enables the image processing body portion 21 toperform normal operation (ST4). Concomitantly, the accepted image datais accepted into the personal computer via the scanner driver 11 of thepersonal computer 10.

Of course, this “enabling of normal operation” includes activenotification of enabling. The enabling also includes passive enablingsuch as execution of normal operation provided no specific notificationis issued. Furthermore, it may only consist of producing a triggersignal for the start of operation to the image processing body portion21.

On the other hand, if the driver recognition portion 22 judges that noauthentic driver is connected, it performs a function-limiting operation(ST5). That is, the driver recognition portion 22 sends a control signalto the image processing body portion 21. Concomitantly, the imageprocessing body portion 21 transfers a processed image (e.g., the imagedata is partly or totally impaired in resolution or quality or itscolors are changed). It is also possible to once cancel thecommunication itself between the personal computer 10 and the colorscanner 20, and it is again executed from the beginning.

FIG. 4 shows main portions of a second mode of practice. In the presentmode of practice, a driver title is transferred together with the scanrequest sent from the personal computer 10 side as a pair, unlike theabove-described mode of practice. That is, normally, where the colorscanner 20 is operated and image data is taken in, a scan request issent as an operation order from the personal computer 10 side.Accordingly, when this scan request is sent, driver information is alsosent (ST6). That is, this scan request sends the driver title that isdriver information and command data showing contents of an actualinstruction as a pair to the color scanner 20. The scan request in whichthe driver title is integrated with the command data is created by thescanner driver 11 provided with the function of preventing unauthorizeduse.

On the color scanner 20 side, the driver recognition portion 22 extractsthe driver title in the scan request and makes a decision as to whetherthe driver is authentic (ST7 and ST3). In the case of a normal driver,normal processing corresponding to the received command data is carriedout (ST4). Where it is not an authentic driver, a function-limitingoperation is performed (ST5). Since the decision as to whether it is anauthentic driver or not and correspondence based on the results of thedecision are similar to those of the above-described first mode ofpractice, their detailed description is omitted.

FIG. 5 is a flowchart illustrating the functions of main portions of athird mode of practice of the invention. In the above modes of practice,driver information (driver title) is sent as material for decision as towhether the driver is authentic or not from the personal computer 10 tothe color scanner 20 side. In the present mode, the interface forsending and receiving information between the personal computer 10(scanner driver 11) and the color scanner 20 is encrypted.

That is, if it is discovered that “authenticity is judged according tothe driver title” and the “formal driver title”, then there is a dangerthat a forgery scanner driver only a driver title of which is identicalwith the genuine one but is not provided with the function of preventingunauthorized use is manufactured and used. Therefore, the deviseillustrated in a first or second mode of practice described above hasthe possibility of being recognized as authentic one.

Accordingly, in the present mode of practice, the interface i.e., theconnection means (interface protocols) is encrypted to attempt anencrypted connection. Thus, the connection target is automaticallyrecognized. Therefore, normal operations can be performed only with acertain connection target, i.e., only with the authentic driver.Therefore, where a false driver having a forged driver title is used forunauthorized use, the connection itself is not made. Transmission itselfof image data taken in by the color scanner 20 to the personal computer10 side can be hindered. Consequently, forgery can be prevented. Usingthe authentic driver, the image data can be transferred to the personalcomputer 10. Hence, there is no harmful effect on the authentic user.

To realize such processing, an encrypted connection request is issuedfrom the personal computer 10 (scanner driver 11) to the color scanner20 as shown in FIG. 5 (ST10). That is, the public cryptokey on thepersonal computer side is sent. According to this encrypted connectionrequest, the color scanner 20 side sends an encrypted connectionacknowledgement (ST11). That is, the public cryptokey on the scannerside is sent. In consequence, an encrypted connection is attempted usingthe mutually gained public cryptokeys.

The driver recognition portion 22 on the color scanner 20 side makes adecision as to whether the encrypted connection has succeeded (ST13). Ifit fails, an abnormal end is effected. A reconnection is attempted. Ifthe encrypted connection succeeds, data is sent and received under thestate of the encrypted connection. That is, the personal computer 10side issues a scan request (command) (ST12). The color scan 20 sidereceiving the scan request accepts the data on the image placed on thedocument stage (image scan) and then performs image processing such asexposure correction and creates image data (ST14 and ST15). The createdimage data is transferred as an encrypted connection acknowledgement tothe personal computer 10 side (ST16). The processing is ended. The stepsof processing from the scan request of step 12 to the transfer of theimage data of step 16 are the same as the prior art except that anencrypted connection is made. Therefore, detail description of thevarious portions is omitted.

FIG. 6 is a flowchart illustrating the functions of main portions of afourth mode of practice of the invention. In the above-described thirdmode of practice, the interface is encrypted. Alternatively, in thepresent mode of practice, data is partially or fully encrypted. And, inthe present mode of practice, some improvements are made based on thesecond mode of practice.

That is, information for decrypting a cryptogram is previouslyincorporated on the color scanner 20 side. The personal computer 10(scanner driver 11) reads in a request command to be transmitted, andencrypts the request command to be transmitted (ST20). With thisencryption, in case of that the scan request has a data architecturewhere the driver title and a specific command data are paired, it ispossible to encrypt one or both of the “driver title” and “commanddata”. Furthermore, only a part of the command data may be encryptedrather than all of the data is encrypted. Then, the scan request(already encrypted) generated as mentioned above is sent to the colorscanner 20 side (ST21).

On the other hand, on the color scanner 20 side, the received scanrequest (already encrypted) is decrypted, and the contents of themeaning of the command are analyzed (ST22). Then, the driver recognitionportion 22 makes a decision as to whether the decryption has succeeded(ST23). Where it fails, an abnormal end is effected, and a reconnectionis attempted. If the encryption has succeeded, image data is taken in(image scan), based on the decrypted scan request (command). Then, imageprocessing such as exposure correction is performed, and image data iscreated (ST24 and ST25). The created image data is sent to the personalcomputer 10 side (ST26). The processing is ended. The steps ofprocessing from the image scan of step 24 to the transfer of the imagedata of step 26 are the same as the prior art. Therefore, detaildescription of the various portions is omitted.

In the above modes of practice, examples in which data sent from thepersonal computer 10 side (i.e., scan request (command)) are encryptedare shown. Encryption of data between the personal computer 10 and thecolor scanner, however, 20 is not limited to the foregoing. Data sentfrom the color scanner 20 to the personal computer 10 side (i.e., theaccepted image data) may be encrypted.

In particular, as shown in FIG. 7, according to a scan request (ST31)from the personal computer 10 side, the color scanner 20 side takes inthe image data (image scan) and then performs image processing such asexposure correction. Image data is created (ST32 and ST33). The createdimage data is encrypted, and the encrypted image data is transferred tothe personal computer 10 side (ST34 and ST35). With respect toencryption of the image data, all the image data may be encrypted or apart of the image data may be encrypted.

In the personal computer 10 gaining the encrypted image data, as theauthentic driver previously possesses information necessary fordecryption, the gained image data is decrypted (ST36). Then, givenprocessing such as processing and saving of the data is performed. Ofcourse, the authentic driver has a function of preventing unauthorizeduse and, therefore, performs given image recognition processing aboutthe decrypted image data. It makes a decision as to whether the subjectis copy-inhibited matter such as a paper currency. Where it iscopy-inhibited matter, given inhibition processing is performed.

In the case of a non-authentic driver, as it has no information fordecryption it cannot decrypt the gained image data. The accepted imagecannot be used. Since the image data itself is encrypted in this way, inthe case where the decryption fails, unauthorized use is not allowed.Therefore, a decision is not made as to whether the decryption issuccessful or not. Of course, a decision may be made, and when thedecryption fails, some message such as “Please use an authentic driver”may be output onto the display device of the personal computer 10. Ifsuch an error message is output, a user in good faith who has changedthe driver by chance is informed that normal image data is nottransmitted not because the apparatus is at fault. This is favorable.

Displaying a message on the display device in this way is not limited tothe present mode of practice. It can be similarly applied to the modesof practice already described and to modes of practice described below.

FIG. 8 is a flowchart illustrating the function of main portions of afifth mode of practice of the invention. In the above first mode ofpractice, a driver title is sent as driver information, and a decisionis made as to whether the driver title gained by the driver recognitionportion 22 is authentic or not. In the present mode of practice, anelectronic signature is attached to the request command. The driverrecognition portion 22 obtains normal processing on the condition thatan authentic electronic signature is attached.

Specifically, as a premise, the driver recognition portion 22 of thecolor scanner 20 stores and holds an electronic signature that theauthentic driver supplies. First, the personal computer 10 (scannerdriver 11) electronically signs on a transmitted request command (ST41).Then, the electronically signed request command is sent as a scanrequest to the color scanner 20 side (ST42).

On the other hand, when receives the scan request, the driverrecognition portion 22 of the color scanner 20 checks the digitalsignature affixed to the scan request. Then, the recognition portionmakes a decision as to whether it agrees with the authentic digitalsignature stored and held (ST43 and ST44).

If the electronic signature agrees and is judged to be an authenticdriver, normal operations (image scan→image processing→image transfer)are performed (ST45). In the case where it is not an authentic driver,various operations for limiting functions are executed (ST46). Theoperations for limiting the functions are the same as already describedin the first mode of practice.

The information attached to the request command is not limited to theabove-described electronic signature. For example, an electronicwatermark, for example, may be inserted instead of an electronicsignature. In particular, as shown in FIG. 9, the scanner driver 11 ofthe personal computer 10 inserts an electronic watermark (ST41′) in therequest command. The request command containing the electronic watermarkis sent as a scan request to the color scanner 20 side (ST42).

On the other hand, in case of that the driver recognition portion 22 ofthe color scanner 20 receives the scan request, the portion checks theelectronic watermark attached to the scan request and makes a decisionas to whether this agrees with the authentic electronic watermark storedand held (ST43′ and ST44). If the electronic watermark agrees and isjudged to be an authentic driver, normal operations are performed(ST45). In the case where it is not an authentic driver, operations forlimiting various functions are performed (ST46).

The driver title may also be stored in the request command together withthe electronic signature. The decision as to whether it is an authenticdriver may be made as follows. It is recognized as an authentic driveronly if the electronic signature and driver title are both authentic. Inthis way, various modes of practice can be combined. Furthermore, theabove-described encryption technology may be applied to that to whichthis electronic signature or electronic watermark is attached, and dataor connection processing may be encrypted. In this way, plural modes ofpractice can be combined and implemented.

FIGS. 10 and 11 show a sixth mode of practice of the invention. In thepresent mode of practice, an unauthorized use preventing function isalso incorporated on the color scanner 20 side acting as an externaldevice. Where an authentic driver having the unauthorized use preventingfunction is incorporated on the personal computer 10 side, deteriorationof the performance is prevented by running only one unauthorized usepreventing function.

In particular, in case of that image recognition apparatus 23 where theunauthorized use preventing function installed in the color scanner 20is constituted by hardware as shown is used, recognition processing isperformed using the image recognition apparatus 23 having a highprocessing speed. The unauthorized use preventing function incorporatedas software in the scanner driver 11 is stopped. That is, as in theflowchart shown in FIG. 11, a scan request is issued from the scannerdriver 11 of the personal computer 10 to the color scanner 20 togetherwith driver information (driver title, electronic signature, electronicwatermark, etc.) (ST51). Of course, in the case of a driver not havingan unauthorized use preventing function, a normal scan request having nodriver information will be issued.

The driver recognition portion 22 of the color scanner 20 receiving thisscan request checks the driver information and makes a decision as towhether it is mounted with an unauthorized use preventing function (ST52and ST53). If the portion judges that it is a driver mounting anunauthorized use preventing function, the portion issues an order forstopping the unauthorized use preventing function to the scanner driver11 (ST54).

The scanner driver 11 receiving this stops the unauthorized usepreventing function and performs normal processing such as intact savingand processing of received image data without performing recognitionprocessing on the image data sent in next (ST55 and ST56). Of course,where the image recognition apparatus 23 does not exist on the colorscanner 20 side, such a stop order is not issued. Therefore, givenrecognition processing is performed on the image data sent in based onthe unauthorized use preventing function.

Furthermore, on the color scanner 20 side, after the above-describedstop order is issued, or where the scanner drive is not mounted with anunauthorized use preventing function, the scanner side goes to step 57,where a normal scan operation is performed. Image data is taken in.Recognition processing is performed on the image data taken in by theimage recognition apparatus 23. A decision is made as to whether it isan image of copy-inhibited matter attempting an unauthorized use (ST57to ST59).

In the case of an authentic output that is not copy-inhibited matter,image processing such as exposure correction is performed and then thecreated image data is transferred (ST60 and ST61). On the other hand,where the result of the branch decision of step 59 is that it iscopy-inhibited matter, an “error end message” is sent as error responseprocessing to the personal computer 10 side (ST62). The personalcomputer 10 side receiving this error end message outputs and displaysthe error message onto the display device (ST63 and ST64). As for thiserror message, the image of the copy-inhibited matter is taken in and soreading is stopped. Contents permitting the user to recognize that theapparatus is not at fault are displayed.

Where it is judged in step 59 that the output is not authentic, anoperation for limiting functions is performed in the same way as in theabove modes of practice, rather than sending an error end message as inthe present mode of practice. For example, image data that is impairedin quality or resolution, for example, may be transferred. Conversely,in the above-described modes of practice, processing functions of steps62-64 may be incorporated, and an error message may be output to thepersonal computer side and displayed.

It is also to be noted that in the above modes of practice, the imagerecognition apparatus 23 installed on the color scanner 20 side isconstituted by hardware and so the unauthorized use preventing functionincorporated in the scanner driver 11 is stopped. However, where theunauthorized use preventing function incorporated in the scanner driver11 is constituted by software, in case that an authentic driver isincorporated in the personal computer 10, recognition processing may beperformed by the personal computer side having a high-performance CPU.Where there is no authentic driver, the scanner side may perform therecognition processing.

Although omitted in the figures, in the above modes of practice, acommunication interface is installed in each of the personal computer 10and color scanner 20. Data is sent and received between the personalcomputer 10 and color scanner 20 via the communication interfaces.

The description of all the above-described modes of practice is based onapparatus where the personal computer incorporates a driver providedwith an unauthorized use preventing function and an external device suchas a color scanner incorporates a driver recognition portion for makinga decision as to whether the driver is authentic or not. However, thepresent invention is not limited to one that has been completed asapparatus in this way. For example, the above-described steps ofprocessing may be a program (driver software) to be executed by thecomputer, and a computer-readable recording medium such as a CD-ROMloaded with a driver having an unauthorized use preventing function isalso one form of practice of the invention.

INDUSTRIAL APPLICABILITY

As described thus far, in this invention, an image processor does notoperate normally unless an authentic connection target provided with anunauthorized use preventing function is used. Consequently, unauthorizeduse can be certainly prevented.

1. An image processor that is configured to input image data or outputimage data, which is capable of being connected to an outside of acomputer that has a connection target, comprising: a decision componentfor making a decision as to whether said connection target is anauthentic connection target having a function of preventing duplicationof copy-inhibited matter; and a control component for performing normalimage processing where said decision component recognizes saidconnection target as said authentic connection target and for inhibitingnormal image processing where said decision component recognizes saidconnection target not as an authentic connection target, in order toprevent duplication of said copy-inhibited matter, and wherein saiddecision component judges whether the connection target is an authenticconnection target or not, depending on whether the connection target cannormally decrypt data sent by the image processor to the connectiontarget which the image processor has at least partially encrypted, ordepending on whether the image processor can normally decrypt data sentby the connection target which the connection target has at leastpartially encrypted.
 2. The image processor of claim 1, wherein saidconnection target is a driver program.
 3. The image processor of claim 1wherein said decision component receives data to which securityinformation for identifying said connection target is attached from saidconnection target and makes a decision as to whether said securityinformation is authentic.
 4. The image processor of claim 1, whereinsaid control component operates to cut off the connection with saidconnection target where said control component has judged that theconnection target is not an authentic connection target.
 5. The imageprocessor of claim 1, comprising an image recognition component forrecognizing whether a copy-inhibited image is contained in input imagedata; wherein in a case where the connection target is judged to be anauthentic connection target by said decision component, preventingduplication of copy-inhibited matter provided in said image recognitioncomponent or said authentic connection target is stopped.
 6. An imageprocessor that is configured to input image data or output image data,which is capable of being connected to an outside of a computer that hasa connection target, comprising: a decision component for making adecision as to whether said connection target is an authentic connectiontarget having a function of preventing duplication of saidcopy-inhibited matter; and wherein normal image processing is performedonly where said connection target is judged to be an authenticconnection target by said decision component, in order to preventduplication of said copy-inhibited matter, and wherein said decisioncomponent judges whether the connection target is an authenticconnection target or not, depending on whether the connection target cannormally decrypt data sent by the image processor to the connectiontarget which the image processor has at least partially encrypted, ordepending on whether the image processor can normally decrypt data sentby the connection target which the connection target has at leastpartially encrypted.
 7. The image processor of claim 6, wherein saiddecision component receives data to which security information foridentifying said connection target is attached from said connectiontarget and makes a decision as to whether said security information isauthentic.
 8. The image processor of claim 6, comprising: an imagerecognition component for recognizing whether a copy-inhibited image iscontained in input image data; wherein in a case where the connectiontarget is judged to be an authentic connection target by said decisioncomponent, preventing duplication of copy-inhibited matter provided insaid image recognition component or said authentic connection target isstopped.